nikitabelonogov / terraform-kubernetes-cert-manager

This project forked from terraform-iaac/terraform-kubernetes-cert-manager


Terraform module for Kubernetes Cert Manager

License: Apache License 2.0

HCL 100.00%

terraform-kubernetes-cert-manager's Introduction

Terraform module for Kubernetes Cert Manager

Terraform module that installs cert-manager in Kubernetes and creates an ACME cluster issuer with automatic HTTP validation, using a simple syntax.

Usage

You should add the kubectl and helm providers to your Terraform provider configuration:

provider "kubectl" {
  # Same config as in kubernetes provider
}
provider "helm" {
  kubernetes {
    # Same config as in kubernetes provider
  }
}
terraform {
  required_providers {
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = "1.13.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "2.3.0"
    }
  }
}

To enable automatic TLS certificate generation, add this annotation to your Ingress:

cert-manager.io/cluster-issuer = module.cert_manager.cluster_issuer_name

Terraform example

module "cert_manager" {
  source        = "terraform-iaac/cert-manager/kubernetes"

  cluster_issuer_email                   = "[email protected]"
  cluster_issuer_name                    = "cert-manager-global"
  cluster_issuer_private_key_secret_name = "cert-manager-private-key"
}
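A worked example, added here and not taken from the module's README, that wires the module's cluster issuer output into an Ingress through the annotation shown above. The Service name app, the namespace default, the hostname app.example.com and the use of Let's Encrypt's staging endpoint are assumptions, not values the module documents.

```hcl
module "cert_manager" {
  source = "terraform-iaac/cert-manager/kubernetes"

  cluster_issuer_email = "[email protected]" # placeholder address
  cluster_issuer_name  = "letsencrypt-staging"
  # Let's Encrypt's public staging endpoint (assumed, not documented by this
  # module): validate the setup here first so a misconfiguration does not
  # consume the production rate limits.
  cluster_issuer_server = "https://acme-staging-v02.api.letsencrypt.org/directory"
}

resource "kubernetes_ingress_v1" "app" {
  metadata {
    name      = "app"
    namespace = "default"
    annotations = {
      # The annotation the README asks for. Reading the name from the module
      # output keeps it from drifting if cluster_issuer_name is changed later.
      "cert-manager.io/cluster-issuer" = module.cert_manager.cluster_issuer_name
    }
  }
  spec {
    ingress_class_name = "nginx"
    # The tls block is what triggers issuance: cert-manager's ingress-shim
    # creates a Certificate for these hosts and stores it in secret_name.
    tls {
      hosts       = ["app.example.com"]
      secret_name = "app-example-com-tls"
    }
    rule {
      host = "app.example.com"
      http {
        path {
          path      = "/"
          path_type = "Prefix"
          backend {
            service {
              name = "app"
              port {
                number = 80
              }
            }
          }
        }
      }
    }
  }
}
```

The module's default http01 solver targets the nginx ingress class, so ingress_class_name must match it, otherwise the challenge Ingress cert-manager creates is never served and the certificate stays pending.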

Inputs

Name | Description | Type | Default | Required
namespace_name | Name of the created namespace | string | cert-manager | no
chart_version | Helm chart version for cert-manager (changing it is not recommended) | string | cert-manager | no
create_namespace | Create the namespace, or use an existing one | bool | true | no
cluster_issuer_server | The ACME server URL | string | https://acme-v02.api.letsencrypt.org/directory | no
cluster_issuer_email | Email address used for ACME registration | string | n/a | yes
cluster_issuer_private_key_secret_name | Name of the secret used to store the ACME account private key | string | cert-manager-private-key | no
cluster_issuer_name | Cluster Issuer name, used for annotations | string | cert-manager | no
cluster_issuer_create | Create the Cluster Issuer? Note: if false, you must create your own issuer | bool | true | no
cluster_issuer_yaml | Create the Cluster Issuer from your own YAML. NOTE: some variables stop working when this parameter is used | string | null | no
additional_set | Additional values passed to Helm (set blocks) | list(object({ name = string, value = string, type = string })), where type is optional | [] | no
solvers | Alternate way of providing just the solvers section of the cluster issuer | list(object(any)) | - http01: { ingress: { class: nginx } } | no
certificates | List of certificates | any | refer to "Certificates" |

Solvers

An example of a complex solver configuration that combines the http01 and dns01 methods, with selectors routing different domains to different solvers:

solvers = [
  {
    dns01 = {
      route53 = {
        region  = "us-east-1"
        ambient = "true"
      }
    },
    selector = {
      dnsZones = [
        "internal.example.com"
      ]
    }
  },
  {
    dns01 = {
      cloudflare = {
        email = "[email protected]"
        apiKeySecretRef = {
          name = "cloudflare-api-key-secret"
          key  = "API"
        }
      },
    },
    selector = {
      dnsZones = [
        "public.example.com"
      ]
    }
  },
  {
    http01 = {
      ingress = {
        class = "nginx"
      }
    }
  }
]

Certificates

module "cert_manager" {
  ...
  certificates = {
    "my_certificate" = {
      dns_names = ["my.example.com"]
    }
  }
}
Name | Description | Type | Default | Required
namespace | Certificate resource namespace | string | uses var.namespace_name of this module | no
secret_name | Certificate secret name. Note: for AKS/AGIC ensure the cert and the secret have the same name | string | ${Certificate Name}-tls | no
secret_annotations | Certificate secret annotations | map(string) | {} | no
secret_labels | Certificate secret labels | map(string) | {} | no
duration | Certificate validity period | map(string) | "2160h" | no
renew_before | Reissue the certificate this long before its expiry | string | "360h" | no
organizations | Organization of the issued certificate | list(string) | [] | no
is_ca | Whether the certificate is a CA or not | bool | false | no
private_key_algorithm | Generate the private key with this algorithm | string | "RSA" | no
private_key_encoding | Generate the private key with this encoding | string | "PKCS1" | no
private_key_size | Generate a private key of this length | number | 2048 | no
usages | Certificate usages | list(string) | ["server auth", "client auth"] | no
dns_names | Domain names for which the certificate is intended | list(string) | n/a | yes
uris | Certificate URIs | list(string) | [] | no
ip_addresses | Certificate IP addresses | list(string) | [] | no
issuer_name | Issuer name | string | Default is the name of the ClusterIssuer created by this module | no
issuer_kind | Issuer kind | string | "ClusterIssuer" | no
issuer_group | Issuer group | string | "" | no
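An added example, not from the module's README, that combines the Solvers and Certificates sections: the DNS01 credential is held in a Kubernetes Secret created by Terraform instead of being written into the solver, the Cloudflare solver uses cert-manager's apiTokenSecretRef (a zone-scoped token) rather than the global apiKeySecretRef shown in the Solvers example, and the certificate is a wildcard, which only DNS01 can issue. The variable, secret and hostnames are assumptions, as is the premise, taken from the solvers input's description, that the module passes the solvers list through to the ClusterIssuer unchanged.

```hcl
# Assumed variable: supplied out of band (TF_VAR_cloudflare_api_token, a
# secrets manager, CI secret), never hard-coded in the configuration.
variable "cloudflare_api_token" {
  type      = string
  sensitive = true
}

# A ClusterIssuer reads solver credentials from the cert-manager namespace,
# so the Secret is created there (the module's default namespace_name).
resource "kubernetes_secret_v1" "cloudflare" {
  metadata {
    name      = "cloudflare-api-token-secret"
    namespace = "cert-manager"
  }
  data = {
    "api-token" = var.cloudflare_api_token
  }
}

module "cert_manager" {
  source = "terraform-iaac/cert-manager/kubernetes"

  cluster_issuer_email = "[email protected]" # placeholder address

  solvers = [
    {
      # Scoped token (Zone:DNS:Edit on one zone) in place of the global API
      # key: a leaked token can only alter DNS for that zone.
      dns01 = {
        cloudflare = {
          apiTokenSecretRef = {
            name = kubernetes_secret_v1.cloudflare.metadata[0].name
            key  = "api-token"
          }
        }
      }
      # Only this zone is handled by DNS01; everything else falls through
      # to the HTTP01 solver below.
      selector = { dnsZones = ["internal.example.com"] }
    },
    { http01 = { ingress = { class = "nginx" } } }
  ]

  certificates = {
    "internal_wildcard" = {
      # A wildcard name can only be validated via DNS01, which the selector
      # above guarantees for this zone.
      dns_names             = ["*.internal.example.com", "internal.example.com"]
      secret_name           = "internal-wildcard-tls"
      renew_before          = "720h"
      private_key_algorithm = "ECDSA"
      private_key_size      = 256
      private_key_encoding  = "PKCS8"
    }
  }
}
```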

Outputs

Name | Description
namespace | Namespace used by cert-manager
cluster_issuer_name | Name of the created cluster issuer
cluster_issuer_server | ACME server used by the cluster issuer
cluster_issuer_private_key_name | Name of the secret in which cert-manager stores the ACME account private key
certificates[*].map | Certificate settings applied to Kubernetes
certificates[*].secret_name | Secret name of the certificate

Terraform Requirements

Name | Version
terraform | >= 0.13.0
kubernetes | >= 1.13
helm | >= 2.1.0
gavinbunney/kubectl | >= 1.13.0

Cert Manager Version: v1.7.1

Source: https://github.com/jetstack/cert-manager

Tutorials: https://cert-manager.io/docs/

Contributors

ajostergaard, bohdantverdyi, megumish, timothyclarke, vadimdidenko
